CVE-2015-7907

Directory traversal vulnerability in the web server on Honeywell Midas gas detectors before 1.13b3 and Midas Black gas detectors before 2.13b3 allows remote attackers to bypass authentication, and write to a configuration file or trigger a calibration or test, via unspecified vectors.
References
Link Resource
https://ics-cert.us-cert.gov/advisories/ICSA-15-309-02 Third Party Advisory US Government Resource
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:o:honeywell:midas_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:honeywell:midas_black_firmware:*:*:*:*:*:*:*:*

Information

Published : 2015-12-21 03:59

Updated : 2015-12-22 10:41


NVD link : CVE-2015-7907

Mitre link : CVE-2015-7907


JSON object : View

CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Advertisement

dedicated server usa

Products Affected

honeywell

  • midas_firmware
  • midas_black_firmware